Firewall Wizards mailing list archives

RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)


From: Jeremy Epstein <jepstein () tis com>
Date: Tue, 27 Oct 1998 23:07:05 -0500

In Vol 1 # 209 there are a few misconceptions about what the Australians
are up to.

Bret Watson wrote:
> I've seen some more info on it... basically it's a firewall appliance running
> what appears to be some form of application proxy...

No it's not.  It *truly* is a diode with one way data transfer.  If you
don't believe me, read the paper in the Annual Computer Security
Applications Conference in 1996 (I think) by Mark Anderson.

> It's a pity that the marketing droids have tried to hype it using what I can
> only describe as "bullshit terms".. such as "digital diode - allows
> information to flow in one direction only" .. Personally if I was in the
> defense dept over here I'd be worried reading things like that..

I'm more worried about people here who don't realize they've managed to do
something quite nice!

Then ark () eltex ru asked:
> Hmm, and how does the classified side make requests? Or does it not?
> So what protocols can it use?

It doesn't!  That's exactly the point.  On the high side, you can only
communicate with high side systems.  If you want to make a low side
request, you flip the switch to the low side (so your keyboard & mouse are
pointing there) and run software on the low side machine to make your
request.  Presuming that the *people* aren't deliberately leaking
information (*), there's no way for data to leak, since malicious software
has no way to send from high to low.

(*) If people are doing the leaking, there are much more efficient ways than
by retyping data from the high side onto the low side.

Paul McNabb wrote:
> I've poked around on these sites and it appears that the Australians
> are finally commercializing the old CMW technology, something that
> was done years ago here in the U.S.  I wonder if they've added anything
> of value or if they are just repackaging it?  I know of at least six
> products that do exactly what is described by the Australian web pages,
> and do it on a single machine with properly modified/secured X servers
> and network stacks.

Paul, it's emphatically not CMW technology.  CMW relied on medium assurance
(i.e., B1) operating systems and windowing systems to provide a modicum of
separation.  This has only two small trusted parts: a one-way diode and an
A/B switch.  It's certainly not repackaging.  Everything else is completely
untrusted.  So you don't need trusted operating systems or windowing
systems, both of which are VERY hard to do with any degree of assurance.
And as a result, you can get very high assurance.  [If the NSA evaluated
things like this, I'm reasonably confident it could meet TCSEC A1 without
much difficulty.  But since it's not an operating system, but rather a
nifty device, the NSA doesn't know how to evaluate it.  Luckily, there are
other criteria besides Orange Book that are more flexible for things like
this.]

Truth be told, it's most similar to the TRW Trusted X research prototype
that I did in the early 1990s.  It uses many of the same concepts (Mark
Anderson, the inventor of the Australian box, attended a tutorial I gave
and came up with a better solution than I had).

--Jeremy
---------------------------------+-------------------------------------
| Jeremy Epstein                 |  E-mail: jepstein () tis com          |
| TIS Labs at Network Associates |  Voice:  +1 (703) 356-4938         |
| Northern Virginia Office       |  Fax:    +1 (703) 821-8426         |
---------------------------------+-------------------------------------


